I think there also may be a problem with www.atheist.org.
The technical team behind the project confirmed it was a DoS attack. We had processes in place to manage the influx, including the temporary suspension of submissions when the email queue grew too large. We are working to get the site back online as soon as we can.
I don’t know what email type you have but if you disable relay on the exchange server and send only from its own or specific IP addresses it might help. You could get your MX and A-records changed with you ISP – messy but could work quickly enough. Maybe first change your admin a/c passwords and the same on your firewalls. If you want to post any tech info on it I can take a look at it.
if you think you may be able to help Reg The Fronkey Farmer, please contact firstname.lastname@example.org
You're running Apache on Linux, hopefully Debian or CentOS. The IP responds to pings. (Is it coming in on HTTP only?) It's likely a brute force SYN flood. There's a module for Apache called mod_evasive that may help. Google it. Make sure you get the latest version of mod-evasive for whatever Apache version you're running.
Most DDOS attacks come from 6000 agents or less. Keep blocking IPs and they'll run out of zombies sooner or later. If you block more than 50,000 or so and it's still coming at you, you may be dealing with a super botnet. If so, you're screwed and need to use an ISP that specializes in DDOS resistance.
gallup@eternal:~$ ping atheistcensus.com
PING atheistcensus.com (184.108.40.206) 56(84) bytes of data.
64 bytes from server.studioexcel.co.uk (220.127.116.11): icmp_req=1 ttl=50 time=91.3 ms
64 bytes from server.studioexcel.co.uk (18.104.22.168): icmp_req=2 ttl=50 time=93.0 ms
64 bytes from server.studioexcel.co.uk (22.214.171.124): icmp_req=3 ttl=50 time=91.9 ms
+ Stopped ping atheistcensus.com
gallup@eternal:~$ telnet 126.96.36.199 80
Connected to 188.8.131.52.
Escape character is '^]'.
GET / HTTP/1.0
HTTP/1.1 200 OK
Date: Sun, 09 Dec 2012 04:20:17 GMT
Last-Modified: Sun, 11 Nov 2012 03:20:36 GMT
<html><head><META HTTP-EQUIV="refresh" CONTENT="0;URL=/cgi-sys/defaultwebpage.cgi"></head><body></body></html>
Connection closed by foreign host.
I'm completely lost on this info would you please contact email@example.com if you can help
My site is routed through http://www.cloudflare.com/ - I was a charter member, and they've taken good care of me for years (plus I got a free T-shirt!)